Shaini Parikh
Splunk Engineer
US Citizen
****************@*****.***
PROFESSIONAL SUMMARY:
6.5+ years of experience in Information Technology field as Splunk Developer/Admin, Enterprise Security ES.
Strong experience with Splunk 5.x, 6.x and 7.x product, distributed Splunk environment.
Design and integration experience with Security Information and Event Management (SIEM) solutions.
Experienced in Architecting and deploying clustered/distributed Splunk Enterprise 6.x implementations to large, complex customers.
Implemented and finalized Splunk infrastructure in both a lab reference environment, as well as in production.
Creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.
Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.
In depth and extensive knowledge of Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
Experience in integrating non-standard logs and sources into Splunk including SQL queries, scripted inputs and custom parsers.
Expertise in Installation, Configuration, Migration, Troubleshooting, and Maintenance of Splunk infrastructure.
Experience in using the Splunk platform on Linux and Windows.
Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights to help make faster and smarter security decisions.
Experience with Splunk UI/GUI development activities by managing the Splunk knowledge objects like Field extraction, Tags and Lookups management.
Ability to Debug Splunk related and integration issues.
Experience setting up and maintenance of On-premise Dynatrace, EUM Monitoring.
Handle issues with the Dynatrace console and agent configurations.
Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
Performed Splunk indexer/search head upgrades, installation and configuration of Splunk apps.
Triggers using PL/SQL and UNIX shell scripts.
Expertise in Creating Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
Installed and monitored Splunk Forwarders on Windows, UNIX and LINUX servers.
Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches.
Developed customized application configurations in SPLUNK to parse, index multiple types of log format across all application environments.
Worked with source code management tools like CVS, SVN and Git; exposure to configuration management tools like Puppet.
Familiar in System Administration with Windows 2003-2008 Servers, Red Hat Linux Enterprise Servers, Solaris and IBM AIX servers.
Monitored the Splunk system by identifying bad searches and dashboards and checking the health of Splunk, and collaborated with individual teams to improve performance.
Developed customized Shell scripts in order to install, manage, configure multiple instances of SPLUNK forwarders, indexers, search heads, deployment servers.
Handled the SiteMinder Web Agent infrastructure and configured the Web Agent on web server instances.
Troubleshooting and handling postproduction issues, on-site support, worked closely with engineering to coordinate and provide all the required information and interacting with the client.
Strong qualitative analysis skills to lend insight into highly ambiguous and sensitive business problems. In-depth understanding of processes and technology integration challenges.
TECHNICAL SKILLS:
Log Analysis Tool
Splunk Enterprise Server 5.x/6.x, Splunk Universal Forwarder 5.x/6.x, Splunk DB Connect,
Web/App Servers
WebSphere Application Server 5.0/6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems
IBM AIX (5.1/6.1), Red Hat Linux, Windows Server 2003/2008 R2, VMware
Programming
Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML.
Scripting
JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases
Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools
Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers
Networking
TCP/IP Protocols, Socket Programming, DNS.
Framework
MVC, J2EE Design Patterns, Struts.
IDE
Eclipse, RAD 7, NetBeans, EditPlus, TOAD
Others
SiteMinder r6/r12/r12.5, PingFederate 6.x/7.x
PROFESSIONAL EXPERIENCE:
Role: Splunk Developer
Northern Trust - Chicago, IL
Jan 2018 – Present
• Responsible for initiating, planning, executing, configuring, and deploying the latest version of Splunk on a Windows or Linux environment.
• Install and maintain the Splunk add-on including the DB Connect 1, Active Directory LDAP for work with directory and SQL database.
• Installed and configured Splunk DB Connect in Single and distributed server environments.
• Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
• Worked on installing Universal and Heavy Forwarders to bring any kind of data fields into Splunk.
• Provide Regular support guidance to Splunk project teams on complex solution and issue resolution.
• Helping application teams in on-boarding Splunk and creating dashboards/alerts/reports etc.
• Maintained and managed assigned systems, Splunk related issues and administrators.
• Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
• Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
• Designing and maintaining production-quality Splunk dashboards.
• Create Dashboard, Reports and Alerts for events and configure alert mail.
• Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications; worked closely with application teams to create new Splunk dashboards for operations teams.
• Deployed Splunk updates and license distribution over multiple servers using a deployment server.
• Upgraded Splunk Enterprise from v6.2 to v6.5.2 in clustered and non-clustered environments.
• Support SPLUNK on UNIX, Linux and Windows-based platforms. Assist with automation of processes and procedures.
• Maintain current functional and technical knowledge of the SPLUNK platform and future products.
• Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards and Reports using the Splunk query language.
• Troubleshot and resolved Splunk performance, search pooling, log monitoring, role mapping and dashboard creation issues. Experience with web services and load balancing configurations.
• Splunk Enterprise security event monitoring, log index and correlation planning.
• Strong experience with Splunk apps such as: Splunk App for Security and Compliance, PCI
• Monitored Splunk infrastructure for capacity planning, system health, availability, and optimization.
• Experience in creating SQL*Loader scripts to load data from flat files into the database, and in creating external tables to manage data stored at the OS level.
• Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
• Created Shell Scripts to install Splunk Forwarders on all servers and configure with common configuration files such as Outputs.conf and Inputs.conf files.
• Application servers such as WebSphere Application Server, Tomcat, IBM HTTP Server, Apache Web Server, load balancing, JBoss, Splunk and DataPower.
• Expertise with SIEM (security information and event management). Managed Splunk user accounts (create, delete, modify, etc.). Scripted SQL queries for use with Splunk.
• Maintain current functional and technical knowledge of the Splunk platform and future products.
• Worked with CSV and JSON file formats.
• Splunk enterprise deployment using AWS.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, Tomcat 6.x, Apache 2.x, Solaris 10, Oracle 11g/10g, Me, web services, HTTP, HTML, XML, SSL, SIEM, Sun ONE Directory Server 6, Python.
Role: Splunk Security Engineer
AT&T - Austin, TX
April 2015 – Dec 2017
• Assisted the Splunk Architect with designing the Splunk infrastructure and implemented the design including configuring clustered Indexers and Search Heads, setting up Deployment Server, and installing Universal Forwarders on servers and network devices.
• Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.
• Upgraded Splunk Enterprise from v6.5 to v6.6.2 in clustered and non-clustered environments.
• Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
• Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
• Good experience in building Splunk Security Analytics. Lead logging enrolments from multi-tier applications into the enterprise logging platforms.
• Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
• Perform implementation of security and compliance-based use cases. Performing maintenance and optimization of existing Splunk deployments.
• Working on Splunk ITSI glass tables, deep dives, ITSI modules.
• Install and maintain Splunk add-ons including DB Connect and Active Directory LDAP for work with directory and SQL databases.
• Configure the SSO Integration add-on app for user authentication and Single Sign-on in Splunk Web.
• Configure and Install Splunk Enterprise, Agent, and Apache Server for user and role authentication and SSO.
• Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
• Field extraction using IFX, the rex command and regex in configuration files.
• Creating Reports, Pivots, alerts, advance Splunk search and Visualization in Splunk enterprise.
• Adding users to access Splunk through the Remedy process (AD group); Splunk authentication and authorization.
• Various types of charts and alert settings; knowledge of app creation and user and role access permissions.
• Installed Splunk forwarder and Splunk indexers and Search heads on various platforms like windows, Linux, UNIX.
• Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on RedHat Linux and Windows servers.
• Worked on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.
• Experience providing security operations support by troubleshooting incident tickets related to security.
• Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
• Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.
Environment: Splunk 6.x, Splunk DB connect, Splunk DB2 connect, Shell and Python Script, Tomcat 7.x, Configured plug-ins for Apache HTTP server 2.4, RedHat Linux 6.x.
Role: Splunk Developer
Verizon - Austin, TX
July 2014 – Mar 2015
• Responsible for the end-to-end event monitoring infrastructure of business-aligned applications.
• Installation, configuration, migration, troubleshooting and maintenance of Splunk, WebLogic Server 7.0/8.1/9.x/10.x and Apache Web Server on various UNIX and Linux platforms.
• Prepared, arranged and tested Splunk Search Strings and Operational Strings.
• Created and configured management reports and dashboards.
• Monitored Database Connection Health by using Splunk DB connect health dashboards.
• Monitoring Splunk dashboards, Splunk Alerts and configure scheduled alerts based on the internal customer requirement.
• Setting up dashboards for senior management and production support as required, using Splunk.
• Created EVAL Functions where necessary to create new field during search run time.
• Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
• Extracted complex Fields from different types of Log files using Regular Expressions.
• Generated search commands to retrieve multiline log events in the form of a single transaction, giving start line and end line as inputs.
• Ensured high availability and performance through horizontal scaling and load-balanced components.
• Delivered inputs for identifying best-fit architectural solutions and deployment for the Splunk project.
• Architected various components within Splunk (indexer, forwarder, search head, deployment server), Heavy and Universal Forwarder, Parsing, Indexing, Searching concepts, Hot, Warm, Cold, Frozen bucketing, License model.
• Maintained and managed assigned systems, Splunk related issues and administrators.
• Used the Splunk Enterprise REST API, which uses HTTP requests, to configure and manage Splunk instances and to create and run searches.
Environment: Splunk 5.1.2, XML, CSS, JavaScript, VMware, Windows, Unix, Linux, Regular Expressions.